Hello, I am currently configuring some security policies in Windows Server 2019 environments. However, the guide that I have as a reference has some policies or configurations that are not yet clear to me, and I hope that you can provide me with some suggestions here. I list them below.
Remove administrative privileges from the "Administrator or administrator" account. It will remain in the system, but without any privileges.
Access to a computer from the network: Delete the permissions of the "Everyone" group and add authenticated users.
Login on the local machine:
o On workstations: Disable the "guest" user of the machine.
o On servers: Delete the privileges for users, guests and remote access users through Terminal Server.
o On a domain controller: Disable Terminal Server users via Internet.
Verify that only administrative accounts can modify quotas, plan priorities, upload and download device drivers, use security audits and logs, modify the firmware environment, change the system performance profile, and take ownership of files and objects.
On a client: verify on all clients that only authenticated users can turn off the machine.
On a server: verify that only administrators can shut down the machine.
This privilege should be removed from “Power users”, whenever possible.
Enable Windows options to use encryption for SMB communications.
Enable logon event auditing on all machines whose functionality is user authentication, for example, domain controllers.
Login accounts include user sessions and team sessions.
Configure Terminal Services to use Transport Layer Security (TLS) 1.0 to authenticate the server and encrypt communications. Change the default port of Terminal Server. Do not activate the Web Terminal Services service.
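
An added example, not part of the original post or of the guide it quotes: a Python check of the user-rights items listed above (network access, shutdown, administrator-only privileges on a server) against the `[Privilege Rights]` section of a `secedit /export /cfg` file. The sample export is constructed, and the mapping from the guide's wording to privilege constants is an assumption.

```python
# Added example: audit user-rights assignments from a secedit export (server rules).
EVERYONE, AUTH_USERS, ADMINS = "S-1-1-0", "S-1-5-11", "S-1-5-32-544"

# Assumed mapping of the guide's "only administrative accounts" list to constants.
ADMIN_ONLY = [
    "SeIncreaseQuotaPrivilege",         # modify quotas
    "SeIncreaseBasePriorityPrivilege",  # scheduling priority
    "SeLoadDriverPrivilege",            # load and unload device drivers
    "SeSecurityPrivilege",              # manage auditing and security log
    "SeSystemEnvironmentPrivilege",     # modify firmware environment values
    "SeSystemProfilePrivilege",         # profile system performance
    "SeTakeOwnershipPrivilege",         # take ownership of files and objects
    "SeShutdownPrivilege",              # shut down the system (server rule)
]

# Constructed sample; S-1-5-32-547 is Power Users, S-1-5-19/20 are service accounts.
SAMPLE_INF = """\
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-547
SeLoadDriverPrivilege = *S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: [SID, ...]} from the [Privilege Rights] section only."""
    rights, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return rights

def audit_server(rights):
    """List (right, problem) pairs where the export deviates from the guide."""
    findings = []
    net = rights.get("SeNetworkLogonRight", [])
    if EVERYONE in net:
        findings.append(("SeNetworkLogonRight", "Everyone is still granted"))
    if AUTH_USERS not in net:
        findings.append(("SeNetworkLogonRight", "Authenticated Users is missing"))
    for right in ADMIN_ONLY:
        extra = [sid for sid in rights.get(right, []) if sid != ADMINS]
        if extra:
            findings.append((right, "non-administrator holders: " + ", ".join(extra)))
    return findings
```

`secedit` writes the export as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_privilege_rights`. Built-in service accounts are reported as well, because the guide's wording allows only administrative accounts.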



